Six Illinois residents have sued Michaels Stores, Inc. ("Michaels" or "Defendant"), an arts and crafts retailer, for failing to secure their credit and debit card information during in-store transactions made between May 8, 2013 and January 27, 2014. The complaint asserts claims for breach of implied contract (Count I) and violations of state consumer fraud statutes (Counts II-IV). See Dkt. No. 47 ("Compl."). Michaels argues that Plaintiffs lack standing and have failed to state a claim upon which relief may be granted. See Fed.R.Civ.P. 12(b)(1), 12(b)(6). I grant Defendant's motion to dismiss for the reasons stated below.

I.

In presenting the facts, I accept as true all well-pled allegations in the complaint and draw all reasonable inferences in Plaintiffs' favor. Ashcroft v. Iqbal, 556 U.S. 662, 678 (2009). However, "[I am] not bound to accept as true a legal conclusion couched as a factual allegation."

On January 25, 2014, Michaels posted the following announcement on its website:

As you may have read in the news, data security attacks against retailers have become a major topic of concern. We recently learned of possible fraudulent activity on some U.S. payment cards that had been used at Michaels, suggesting we have experienced a data security attack.

We are working closely with federal law enforcement and are conducting an investigation with the help of third-party data security experts to establish the facts. Although the investigation is ongoing, based on the information we have received and in light of the widely-reported criminal efforts to penetrate the data systems of U.S. retailers, we believe it appropriate to notify our customer that a potential issue have may have occurred.

...

... If we find as part of our investigation that any of our customers were affected, we will offer identity protection and credit monitoring services to them at no cost.

Compl. at ¶ 2 (referencing and providing link to press release that Michaels posted on Jan. 25, 2014); see also Adams v. City of Indianapolis, 742 F.3d 720, 729 (7th Cir. 2014) (documents referenced in the complaint and central to the claims asserted may be considered at the motion to dismiss stage without converting underlying motion to one for summary judgment).

On April 16, 2014, I granted various motions to reassign and consolidate the four cases referenced above. See Dkt. No. 43. One day later, Michaels issued a second press release confirming that the company had, in fact, experienced a data security breach at "a varying number of stores between May 8, 2013 and January 27, 2014." Compl. at ¶ 3 (referencing and providing link to press release that Michaels posted on Apr. 17, 2014). Michaels reported that malicious software or "malware" had attacked point-of-sale systems containing customers' payment card numbers and expiration dates. The company's investigation revealed that the data breach impacted approximately 2.6 million credit or debit cards.

At the time it issued the April 17, 2014 press release, Michaels claimed that it had received a "limited number of reports from the payment card brands and banks of fraudulent use of payment cards potentially connected to Michaels or Aaron Brothers." Def.'s Ex. B. In light of these reports, Michaels offered twelve months of identity protection, credit monitoring, and fraud assistance services to affected customers at no cost.

Plaintiffs in this consolidated class action are six customers who made a credit or debit card purchase at a Michaels store in Illinois during the data breach period. They believe that their credit or debit card information was exposed and could be misused. Christina Moyer ("Moyer") is the only plaintiff who purchased credit monitoring or other protection to guard against the risk of identity theft. See Compl. at ¶ 12. Notably, Plaintiffs have not incurred fraudulent charges on the credit or debit cards they swiped at a Michaels store during the data breach period.

Michaels has moved to dismiss the consolidated complaint on two grounds: (1) Plaintiffs lack standing because their asserted injuries are too speculative and (2) Plaintiffs have failed to state a plausible claim upon which relief may be granted. These arguments raise distinct concerns about jurisdiction and the legal sufficiency of the complaint. See Payton v. County of Carroll, 473 F.3d 845, ...

Our website includes the first part of the main text of the court's opinion.
To read the entire case, you must purchase the decision for download. With purchase,
you also receive any available docket numbers, case citations or footnotes, dissents
and concurrences that accompany the decision.
Docket numbers and/or citations allow you to research a case further or to use a case in a
legal proceeding. Footnotes (if any) include details of the court's decision. If the document contains a simple affirmation or denial without discussion,
there may not be additional text.

Buy This Entire Record For
$7.95

Download the entire decision to receive the complete text, official citation,
docket number, dissents and concurrences, and footnotes for this case.